According to the Information Technology Rules, the following types of data are considered sensitive personal data to which the rules of Information Technology Act apply:
However, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force cannot be considered sensitive personal data.
The Information Technology Rules require for all body corporates to address any discrepancies and grievances of the provider of information with respect to processing of information in a time bound manner. For this purpose, the body corporate is required to designate a Grievance Officer and publish his name and contact details on its website. The Grievance Officer would then be responsible for addressing the grievances of information providers in an expeditiously manner within one month from the date of receipt of grievance.